diff --git a/machines/bomba/networking.nix b/machines/bomba/networking.nix
index be2462d..806c4f4 100644
--- a/machines/bomba/networking.nix
+++ b/machines/bomba/networking.nix
@@ -1,25 +1,26 @@
 { ... }:
+let
+ dockerNetwork = "172.18.0.0/16";
+in
 {
 networking = {
 networkmanager.enable = true;
+ nftables.enable = true;
 firewall = {
+ enable = true;
 allowedTCPPorts = [
 22
 80
 443
- 5900
- ];
- allowedTCPPortRanges = [
- {
- from = 8001;
- to = 8005;
- }
 ];
 allowedUDPPorts = [
 80
 443
 ];
- enable = true;
+ extraInputRules = ''
+ ip saddr ${dockerNetwork} tcp dport 5900 accept
+ ip saddr ${dockerNetwork} tcp dport 8001-8005 accept
+ '';
 };
 };
 }
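Review bot: The two accepts in `extraInputRules` match on source address alone, so access to 5900 and 8001-8005 is granted to whatever traffic carries a 172.18.0.0/16 source on any interface, and the rule stays correct only while Docker keeps assigning that subnet to the intended network. Docker allocates user-defined bridge subnets from a pool unless the subnet is pinned in the network definition, which this hunk does not show. If it is not pinned, a recreated network can lose access, or a different network can inherit it. Consider also matching the bridge interface, e.g. `iifname "<docker-bridge-interface>" ip saddr ${dockerNetwork} tcp dport { 5900, 8001-8005 } accept` (the interface name is a placeholder), and add a comment above `dockerNetwork` stating which Docker network it mirrors. Separately, `nftables.enable = true` deserves a check on a Docker host, because the NixOS option documentation warns that Docker's iptables-managed NAT rules need manual attention once nftables is enabled.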